About Sysnative.com

At one time or another, most people who use the Windows operating system have experienced the dreaded "Blue Screen of Death" (BSOD) -- until Windows 8, a strange blue screen filled with numbers and codes, completely incomprehensible to most everyone.

Granted, there are occasions where a shutdown/restart or invoking "Last Known Good Configuration" appears to have resolved whatever issue caused the BSOD. More times than not, however, help is needed to trace the source of the problem. This is where Sysnative.com comes into play.

Sysnative.com is the result of a vision of Microsoft MVP, John Griffith. John, known in forum communities as jcgriff2, specializes in Blue Screen of Death (BSOD) Kernel dump analysis. John also enjoys a reputation as an expert Windows forensic troubleshooter, typically sought by Windows Vista and Windows 7 owners after all else has failed.

John developed an application for use by BSOD OPs known as the "jcgriff2 BSOD File Collection app". The output, including mini kernel memory dumps, is used by BSOD Analysts who assist computer users in tracking down the source of the BSODs plaguing their computers.

John also developed BSOD kernel dump file scripts that automate many of the mundane tasks performed by the WinDbg GUI. The scripts allow multiple BSOD kernel dump files to be processed in one run instead of running dumps one-by-one with WinDbg. In addition, the scripts incorporate a direct interface to the Driver Reference Table, known as DRT, created by Microsoft MVP John Carrona for driver look-ups.

The contributions by many talented people who are involved in analyzing the data compiled by John's application have made the "jcgriff2 BSOD File Collection app" and the "jcgriff2/niemiro BSOD Dump Processing Scripts" the tools of choice for BSOD Kernel Dump Analysis.

Should you be faced with the dreaded Blue Screen of Death, expert assistance is available from the many talented analysts at Sysnative.com. Registration at the site is free, as is the help. Follow the BSOD Posting Instructions and rest assured, help is on the way!

Wait, there is more!

That is correct. Help isn't limited to BSOD crash analysis, debugging and error reports. Help and information are available from Microsoft MVPs, Microsoft MCCA's as well as others knowledgeable in Microsoft Windows Operating Systems, Programming, Networking, Graphics, and Games.

[Image: Sysnative logo]

The logo for Sysnative.com, displayed above, was created by a very talented graphic designer. I have long been acquainted with the designs he has made for ASAP members and member sites and was very excited when he volunteered to create a logo for Sysnative.com.

Aside from the fantastic Sysnative logo, one of my favorite examples of this talented designer, known on various help forums as NJustice or N_J, is the artwork and website design for Amelia Eisenhauer, a talented young singer.

If you or someone you know is in the market for a custom design, I heartily recommend contacting Amazing Dezigns.

Sysnative in 64-Bit Windows

The Sysnative alias was first seen with Windows Vista. A 32-bit application uses the %WinDir%\Sysnative folder in place of %WinDir%\System32 to access the native system folder. WOW64 recognizes Sysnative as a special alias, so the file system does not redirect access away from it. This mechanism is flexible and easy to use, and it lets a 32-bit application bypass file system redirection.
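The redirection rule described above, as an added example that is not part of the original page: a simplified Python model of which folder a path really opens for a 32-bit versus a 64-bit process. The function names and the `C:\Windows` sample value are assumptions, and the model ignores the System32 subdirectories that Windows exempts from redirection.

```python
import ntpath

# Simplified model of WOW64 file system redirection (added example).
# Assumption: only the System32 / Sysnative rules are modelled; the
# subdirectories Windows exempts from redirection are ignored.
WINDIR = r"C:\Windows"  # constructed sample value for %WinDir%


def _split_under_windir(path, windir=WINDIR):
    """Return (first_component, rest) if path lies under windir, else None."""
    norm = ntpath.normpath(path)      # collapses "..", "/" and duplicate "\"
    base = ntpath.normpath(windir)
    if not norm.lower().startswith(base.lower() + "\\"):
        return None
    parts = norm[len(base) + 1:].split("\\", 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def resolve(path, process_bits, os_bits=64, windir=WINDIR):
    """Return the path that is actually opened, or None when the
    Sysnative alias does not exist for that kind of process."""
    split = _split_under_windir(path, windir)
    if split is None:
        return ntpath.normpath(path)  # outside %WinDir%: never redirected
    head, rest = split
    wow64 = os_bits == 64 and process_bits == 32
    name = head.lower()               # Windows paths are case-insensitive
    if name == "sysnative":
        if not wow64:
            return None               # alias is visible only under WOW64
        target = "System32"           # native system folder, no redirection
    elif name == "system32" and wow64:
        target = "SysWOW64"           # 32-bit view of the system folder
    else:
        target = head                 # e.g. "System32foo" is left alone
    full = ntpath.join(windir, target)
    return ntpath.join(full, rest) if rest else full


if __name__ == "__main__":
    for bits in (32, 64):
        for p in (r"C:\Windows\System32\cmd.exe", r"C:\Windows\Sysnative\cmd.exe"):
            print(bits, p, "->", resolve(p, bits))
```

This matters for any 32-bit collection or troubleshooting tool on 64-bit Windows: reading `System32` shows it the 32-bit files, so it has to use the `Sysnative` path to see the native ones.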

Monday, May 28, 2012

Flame, aka Flamer or sKyWIper, has been dubbed more complex than Duqu and Stuxnet. In fact, it has been described as "the most sophisticated malware we encountered during our practice; arguably, it is the most complex malware ever found."

"Flame is a sophisticated attack toolkit, which is a lot more complex than Duqu. It is a backdoor, a Trojan, and it has worm-like features, allowing it to replicate in a local network and on removable media if it is commanded so by its master.

The initial point of entry of Flame is unknown - we suspect it is deployed through targeted attacks; however, we haven’t seen the original vector of how it spreads. We have some suspicions about possible use of the MS10-033 vulnerability, but we cannot confirm this now.

Once a system is infected, Flame begins a complex set of operations, including sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and so on. All this data is available to the operators through the link to Flame’s command-and-control servers.

Later, the operators can choose to upload further modules, which expand Flame’s functionality. There are about 20 modules in total and the purpose of most of them is still being investigated."

The map below, compiled by Kaspersky, shows the top seven countries affected by Flame:

"This is an extremely advanced attack. It is more like a toolkit for compiling different code based weapons than a single tool. It can steal everything from the keys you are pressing to what is on your screen to what is being said near the machine.

It also has some very unusual data stealing features including reaching out to any Bluetooth enabled device nearby to see what it can steal.

Just like Stuxnet, this malware can spread by USB stick, i.e. it doesn't need to be connected to a network, although it has that capability as well.

This wasn't written by some spotty teenager in his/her bedroom. It is large, complicated and dedicated to stealing data whilst remaining hidden for a long time."

Sunday, May 27, 2012

SpywareBlaster has long been recommended to prevent the installation of spyware and other potentially unwanted software. It is probably the most well known program from the JavaCool Software label.

SpywareBlaster and the other JavaCool Software programs are now under a new label -- BrightFort. From the BrightFort About page:

"Our Company
BrightFort (formerly: Javacool Software) is a privately-owned, US-based software company. Since 2002 we've been dedicated to providing innovative and useful security and privacy solutions.

We provide feature-packed yet lean programs. Our team works closely together to design and build the fast, and compatible programs that effectively solve critical problems and help improve your computing experience."

BrightFort Programs

"Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.

Block spying / tracking via cookies.

Restrict the actions of potentially unwanted or dangerous web sites.

No-Nonsense Security
SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system."

"Discover if the software you're about to install displays pop-up ads, transmits personally identifiable information, uses unique identifiers to track you, or much much more. EULAlyzer can analyze license agreements in seconds, and provide a detailed listing of potentially interesting words and phrases."

"Microsoft Word (.DOC) files can contain more than just text you see while editing them. Depending on the settings or features you use, they may contain all kinds of additional information that you may not want shared outside your home or company. Doc Scrubber lets you see that information, and scrub it from files before sending them to others."

Support

The following additional information is provided in the Security Bulletin:

The affected software listed have been tested to determine which versions are affected. Other versions are past their support life cycle. To determine the support life cycle for your software version, visit Microsoft Support Lifecycle.

Customers in the U.S. and Canada can receive technical support from Security Support or 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates. For more information about available support options, see Microsoft Help and Support.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit International Help and Support.

Saturday, May 05, 2012

Adobe Flash Player was updated to address critical security vulnerabilities. According to the Adobe PSIRT blog posting,

"There are reports that the object confusion vulnerability (CVE-2012-0779) addressed in this update is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only."

Update Information

The newest version for Windows, Macintosh, Linux and Solaris is 11.2.202.235.

Priority and Severity ratings

Adobe categorizes these updates with the following priority ratings and recommends users update their installations to the newest versions:

| Product | Updated Version | Platform | Priority Rating |
|---|---|---|---|
| Adobe Flash Player | 11.2.202.235 | Windows | 1 |
| | 11.2.202.235 | Macintosh and Linux | 2 |
| | 11.1.115.8 | Android 4.x | 2 |
| | 11.1.111.9 | Android 3.x and 2.x | 2 |

Flash Player Update Instructions

Adobe Flash Player for Android

The latest version for Adobe Flash Player for Android is available by downloading it from the Android Marketplace by browsing to it on a mobile phone.

Flash Player for Windows, Macintosh, Linux and Solaris

Although Adobe suggests downloading the update from the Adobe Flash Player Download Center or by using the auto-update mechanism within the product when prompted, if you prefer, direct download links are available.

Notes:

If you use the Adobe Flash Player Download Center, be careful to uncheck the optional McAfee Security Plus box. It is not needed for the Flash Player update.

Uncheck any toolbar offered with Adobe products if not wanted.

If you use alternate browsers, it is necessary to install both the update for Internet Explorer and the update for alternate browsers.

Verify Installation

To verify the Adobe Flash Player version number installed on your computer, go to the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe Flash Player" from the menu. Do this for each browser installed on your computer.

To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x.

When Adobe Flash Player is updated, it is recommended that the Adobe AIR version be checked as well. Go to Adobe AIR Help to determine the version of Adobe AIR runtime installed.

Thursday, May 03, 2012

On Tuesday, May 8, 2012, Microsoft is planning to release seven (7) bulletins, of which three bulletins are identified as Critical and the remaining four as Important.

The bulletins address twenty-three (23) vulnerabilities in Microsoft Windows, Office, Silverlight, and .NET Framework. At least two of the updates will require a restart. If you have had difficulties with .NET Framework in the past, it is strongly advised that the update be installed separately.

As happens each month, Microsoft will also release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services, and the Download Center.

Wednesday, May 02, 2012

When Windows Live was introduced in 2005, it took me a while to get accustomed to adding "Windows Live" to Hotmail, Windows Messenger, Windows Movie Maker, Windows Photo Gallery, and the other programs that eventually became Windows Live Essentials*.

With the changes announced today at the Building Windows 8 blog, it is time to start getting adjusted to new terms. After all, when logging on to Windows 8 with your Microsoft account (formerly Windows Live ID), the apps will be immediately available with the information provided by cloud services.

The chart below was provided at the Building Windows 8 blog showing the new breakdown of software and services.

See the Building Windows 8 blog for additional information about the rebranding of Windows Live as Microsoft Apps. Detailed information has been promised in upcoming articles about Microsoft account, cloud services, SkyDrive, Hotmail, Messenger, as well as the work Microsoft is doing with Skype.